Customers have been unable to make withdrawals following DoS attack by griefers.

Bitcoin exchange Mt. Gox plans to lift its suspension of external Bitcoin transfers soon after fixing a weakness in its accounting process that left it susceptible to denial-of-service attacks, company representatives said Monday.

Further Reading

As Ars reported last week, the Tokyo-based Mt. Gox was one of at least two Bitcoin exchanges that temporarily suspended withdrawals after coming under attacks that deliberately flooded it with malformed transaction records. The phantom transactions didn't allow attackers to steal money or permanently tamper with the central accounting system for the digital currency, but it had a noticeable effect on some exchanges. The malformed records created discrepancies in the effected exchange's accounting systems that caused them to fall out of sync with the network. The exchanges then experienced slow downs as they recalculated their account balances. The attack and the vulnerability it exploited came to public attention through the research of Bitcoin wallet developer Blockchain.info.

We apologize for the inconvenience caused by the recent suspension of external Bitcoin transfers. Fortunately, as we announced on Saturday, we have now implemented a solution that should enable withdrawals and mitigate any issues caused by transaction malleability (please see our previous statements for details on this issue).

Thanks to our friends at Blockchain.info, Mt. Gox now has a workaround that will use a unique identifier created by Blockchain to show whether transactions have been modified or not. This will prevent any fraudulent use of the malleability issue and protect the assets of our customers.

Resuming Withdrawals

With this new system in place, Mt. Gox should be able to resume withdrawals soon. At the beginning we will do so at a moderated pace and with new daily/monthly limits in place to prevent any problems with the new system and to take into account current market conditions.

In order to launch the new system, we are going through the following steps:

Re-indexing the entire Blockchain (approx. 32 million entries)

Fully deploying the new NTX ID

Implementing a new Bitcoin withdrawal queue that needs to be tested

We will update everyone again by Thursday at the latest.

Mt. Gox is also adding a new login system that automatically sends users an e-mail each time their account is accessed. The company continues to recommend customers make use of two-factor authentication.

Some people sure must be making a lot of money every time bitcoin drops 80% in value in a day.

The market is extremely volatile and widely open to manipulation. I really don't think it takes much to torpedo the value with the intention of buying low. You just have to be confidant that the value will go back up, which may also be a product of market manipulation. I'm staying the hell away.

For a product which professes to be a revolution in payments, it's only really proven useful as a vehicle for speculation.

"We fixed the problem on our end, even though it was a hardcoded problem with Bitcoin."

I think that's actually a reasonable statement. The fact that transactions can go an unbounded time before confirmation is a problem; I understand that they tried to work around this by tracking the ID, which then has the malleability flaw. So “we worked around a limitation of the protocol in a way that had a different flaw”.

I think that's actually a reasonable statement. The fact that transactions can go an unbounded time before confirmation is a problem; I understand that they tried to work around this by tracking the ID, which then has the malleability flaw. So “we worked around a limitation of the protocol in a way that had a different flaw”.

It would be more reasonable if consequences of the OpenSSL bug that underlies the problem hadn't been noted 3 years ago. The open source implementation maintained by volunteers fixed it in the reference implementation was fixed a year ago. Yet Mt Gox, a profit making entity with paid developers, couldn't find the time to fix their implementation.

Something is very strange with this exchange. If someone is holding your money and they tell you that they can only release a fraction of it at a time (or none at all, as is the case right now)... you should be very cautious. It would not surprise me one bit if they actually no longer had access to the assets that they claim they control. Good luck to everyone who still needs to get their bitcoins out of Mt. Gox.

"Something is very strange with this exchange. If someone is holding your money and they tell you that they can only release a fraction of it at a time (or none at all, as is the case right now)... you should be very cautious. It would not surprise me one bit if they actually no longer had access to the assets that they claim they control."

All very good reasons not to leave your Bitcoins in an exchange. The entire system is still in beta, and really, crises like this one is more the expected result than a genuine surprise and cause for dismay. Basically, I think the management at Mt. Gox is responsible and honest, albeit a tad incompetent, but there are so many factors that are beyond their complete control. It's sad that when the going gets rough like this people don't know and/or don't remember all the ways Mt. Gox has done a superlatively good job of being the first Bitcoin exchange. If you meander around some of the bitcoin forums, you often see snarky remarks from people who wish everybody else could just keep a lid on it until the problems get sorted out. I'm quite sure that when all the dust settles, every single Bitcoin deposited to Mt. Gox will still be there and available for its rightful owner to withdraw.

Still, depending on how possessive you are of your money, keeping it in a Bitcoin exchange at this stage of the game is more than a tad risky. Me, I keep mine in several identical flash drives that are disconnected from any computer 99.9% of the time (a modern day equivalent of stashed under a mattress), with only very small amounts of my BTC in a hot wallet at any one time, or larger amounts for vanishing small amounts of time. Exchanges have their uses, but not for holding deposits, in my opinion. Maybe someday, but we aren't there yet.

"The 'problem on their end' was using a non-unique ID as a unique ID. Nothing more, nothing less. "

And they knew what sort of problems this would cause when the developers changed the algorithms to only recognize transaction IDs with no padding zeros - in 2011 - and everyone else updated their code to reflect this change. Yes, Mt. Gox is a little lax and guilty of not keeping their eye on the birdie, but nothing worse than that.

While the price on Mt Gox continues to fall as their users scramble for the door, what I find interesting is that other exchanges such as Bitstamp appear to have been only moderately affected by the ongoing implosion of Mt Gox. This could be a sign that if Mt Gox actually goes bankrupt, other exchanges will have no problem carrying on without them.

It will be very interesting to see what happens when a real U.S. based exchange comes online once the regulations get sorted out.

In the case of Bitcoin its not that simple. When the price drops like that no one wants to sell their Bitcoins to you at the market price and as the market is small the exchanges cannot just magic a customer out of no where. Recently people were wanting £100 over the market price (25%) which meant there would be no quick profits on the way back up as you effectivley starting at a 25% loss.

"Something is very strange with this exchange. If someone is holding your money and they tell you that they can only release a fraction of it at a time (or none at all, as is the case right now)... you should be very cautious. It would not surprise me one bit if they actually no longer had access to the assets that they claim they control."

All very good reasons not to leave your Bitcoins in an exchange.

So if you want your Bitcoins actually usable, your private wallet has to be Internet accessible which makes it vulnerable - as we've seen with Bitcoin private wallets getting robbed.

If these exchanges don't have the technical expertise to keep there machines safe, what makes you so certain you can?

This is the biggest issue I have with bitcoin - the constant series of excuses why Bitcoins is still so safe even with all of the awful news. A major exchange gets hacked, "People know not to use that one. If they go under, they deserve it. ". A problem in the protocol: "We knew about that for years." A few major Bitcoin sites get hacked: "It's their fault. They should have had better code."

The only resin Bitcoins have not gone to zero is that 90% of them are beiing hoarded for speculative investment and what few are traded are by zealots who treat Bitcoins as a religion.

"Something is very strange with this exchange. If someone is holding your money and they tell you that they can only release a fraction of it at a time (or none at all, as is the case right now)... you should be very cautious. It would not surprise me one bit if they actually no longer had access to the assets that they claim they control."

All very good reasons not to leave your Bitcoins in an exchange.

So if you want your Bitcoins actually usable, your private wallet has to be Internet accessible which makes it vulnerable - as we've seen with Bitcoin private wallets getting robbed.

If these exchanges don't have the technical expertise to keep there machines safe, what makes you so certain you can?

This is the biggest issue I have with bitcoin - the constant series of excuses why Bitcoins is still so safe even with all of the awful news. A major exchange gets hacked, "People know not to use that one. If they go under, they deserve it. ". A problem in the protocol: "We knew about that for years." A few major Bitcoin sites get hacked: "It's their fault. They should have had better code."

The only RESIN? Bitcoins have not gone to zero is that 90% of them are beiing hoarded for speculative investment and what few are traded are by zealots who treat Bitcoins as a religion.

There is no such thing as a private wallet and if someone doesn't follow the guidelines by putting a password on it they have no business being on the internet. Malware can affect or keylog anything and the rest of the internet is only just starting to get better protection from 2FA so this is not a unique problem to Bitcoin. Your post sounds like you do not know how it works and just want to spread FUD. I will gladly post a copy of my wallet for you to try and do something with but its easier just post an address for you to donate to because that is all you could do with my wallet.

"We fixed the problem on our end, even though it was a hardcoded problem with Bitcoin."

There is not a single problem with the Bitcoin protocol. As full disclosure, I don't own any bitcoins, but it really kills me to see anyone disparage something they don't understand, or spreading around misinformation.

Transaction malleability is the reality that at any time someone can try to defraud the Bitcoin network by manipulating transactions. The end goal as well as the methods of attack may vary, such as getting more bitcoins for yourself, making the value of BTC tank, or double spending, but in the end the outcome is the same: someone creates false transactions or modifies existing ones and sends them out to the network.

Let's say that Alice is a right old fraud and tries to double spend. Alice sends one bitcoin to Bob. She then maliciously tries to send the very same bitcoin to Charlie by sending that transaction to a different part of the Bitcoin network (this is technically not correct as there's no such thing as a bitcoin, just records of transaction, but the simplification is for illustrative purposes only). The nodes to which she sends her transaction with Bob start processing that transaction, while the nodes to which she sends her transaction with Charlie start processing that transaction. As you may have read in my first link, since each block in the blockchain is linked to the previous block, this causes a fork in the blockchain. The protocol dictates that the fork that miners choose to continue gets processed and is considered the actual chain of events, while the other fork becomes orphaned and is ignored (side note: this is why someone having 50% of the mining power, like Ghash.IO, is a big deal.. they could overpower the network and continue the fraudulent fork of the blockchain). In the end, it is of little consequence whether the network chooses Alice's transaction with Bob or Charlie as the "valid" transaction. The end result ends up being the same: the 1 BTC that Alice tried to send to Bob and Charlie only gets sent to one or the other, not both. The other transaction gets orphaned, and either Bob or Charlie goes and asks Alice why she hasn't paid them yet. This is just an example of how the network deals with double spending, but the protocol uses this same process for weeding out and eliminating any type of fraud, including transaction malleability.

This becomes important when you consider the software systems that Mt. Gox and other exchanges use. You must remember Mt. Gox doesn't have a human sitting behind a computer and clicking a "send" button when someone wants to withdraw BTC. There is a complex software system responsible for the payouts. The idea of transaction malleability becomes a big deal because using the right sequence of events, you can trick the system into thinking it hasn't given you your BTC yet, when in reality it has. In the end, the malicious transactions one sends to the Bitcoin network are discarded, but since Mt. Gox operates somewhat like a bank, having a huge reserve of bitcoins that it gives to people when they want to withdraw, it is possible to exploit software vulnerabilities to the point where you drain Mt. Gox's coffers to nil.

If you're not a fan of the Bitcoin protocol, fine. I don't own any and certainly won't until the currency is actually used like a currency and not a speculative medium. Regardless, the protocol is robust and is an impressive piece of software engineering and it's a bit of a slight to keep implying that there is a flaw in the protocol. The proof of work system does a very good job at weeding out fraud and double spending. It was Mt. Gox that dropped the ball with their software design, not the Bitcoin protocol.

"Something is very strange with this exchange. If someone is holding your money and they tell you that they can only release a fraction of it at a time (or none at all, as is the case right now)... you should be very cautious. It would not surprise me one bit if they actually no longer had access to the assets that they claim they control."

All very good reasons not to leave your Bitcoins in an exchange.

So if you want your Bitcoins actually usable, your private wallet has to be Internet accessible which makes it vulnerable - as we've seen with Bitcoin private wallets getting robbed.

If these exchanges don't have the technical expertise to keep there machines safe, what makes you so certain you can?

This is the biggest issue I have with bitcoin - the constant series of excuses why Bitcoins is still so safe even with all of the awful news. A major exchange gets hacked, "People know not to use that one. If they go under, they deserve it. ". A problem in the protocol: "We knew about that for years." A few major Bitcoin sites get hacked: "It's their fault. They should have had better code."

The only resin Bitcoins have not gone to zero is that 90% of them are beiing hoarded for speculative investment and what few are traded are by zealots who treat Bitcoins as a religion.

So if you want your cash actually usable, your leather wallet has to be physically accessible which makes it vulnerable - as we've seen with cash leather wallets getting robbed.

If these banks don't have the technical expertise to keep their vaults safe, what makes you so certain you can?

This is the biggest issue I have with cash - the constant series of excuses why cash is still so safe even with all of the awful news. A person gets robbed, "People know not to walk in dark alleyways. If they get robbed, they deserve it." A problem with people getting their debit cards skimmed: "We knew about that for years." A few major banks sites get hacked: "It's their fault. They should have had better code."

No, qazwart, the only reason Bitcoin hasn't gone under is because none of these things are problems with Bitcoin. They're problems with money and problems with humans. Bitcoins continue to have inherent value as a low transaction cost, tariff-free, non-repudiable, fast, psudoanonymous, international currency system. You're welcome to avoid using them, but if you're going to criticize them you at least need to pick some problems that are Bitcoin-specific.

Some people sure must be making a lot of money every time bitcoin drops 80% in value in a day.

The market is extremely volatile and widely open to manipulation. I really don't think it takes much to torpedo the value with the intention of buying low. You just have to be confidant that the value will go back up, which may also be a product of market manipulation. I'm staying the hell away.

For a product which professes to be a revolution in payments, it's only really proven useful as a vehicle for speculation.

Some people sure must be making a lot of money every time bitcoin drops 80% in value in a day.

The market is extremely volatile and widely open to manipulation. I really don't think it takes much to torpedo the value with the intention of buying low. You just have to be confidant that the value will go back up, which may also be a product of market manipulation. I'm staying the hell away.

For a product which professes to be a revolution in payments, it's only really proven useful as a vehicle for speculation.

It's basically a stock market with no rules.

I think I'd characterize it less as "a vehicle for speculation" and more as "a vehicle for demonstrating why we have an SEC, because this is what happens to unregulated speculation markets." Of course, the SEC admittedly has some issues with integrity, but I'm talking about why we have it, not how effective it is.

Regardless, I do find the actual, accelerated, demonstration of why we have all the financial regulations we do, to be fascinating.

Some people sure must be making a lot of money every time bitcoin drops 80% in value in a day.

The market is extremely volatile and widely open to manipulation. I really don't think it takes much to torpedo the value with the intention of buying low. You just have to be confidant that the value will go back up, which may also be a product of market manipulation. I'm staying the hell away.

For a product which professes to be a revolution in payments, it's only really proven useful as a vehicle for speculation.

Bitcoin is the perfect vehicle for market manipulation. The system is completely opaque such that reported trading volume and prices have to be taken on faith. For some, technology is the new religion and skepticism is heresy. Affinity fraud has found a new and vulnerable subgroup.

Bitcoin is the perfect vehicle for market manipulation. The system is completely opaque such that reported trading volume and prices have to be taken on faith. For some, technology is the new religion and skepticism is heresy. Affinity fraud has found a new and vulnerable subgroup.

But isn't that a problem with regulation of the exchanges and not inherent to Bitcoin itself? It's currently a serious problem, but some solid federal regulation from a first world government on how to run a Bitcoin exchange would eliminate that.

As for the "religion of technology" (and with all the criticisms of the irrationality of some Bitcoin supporters), the ignorance of some people doesn't invalidate the value of the tech.

This is all complete bullshit. When are they going to address the delays in withdrawing money via wire transfer? I've been waiting 4 fucking months now, with no real explanation for the delay. There's something fishy going on with Mt. Gox. They used to be adequate.

Something is very strange with this exchange. If someone is holding your money and they tell you that they can only release a fraction of it at a time (or none at all, as is the case right now)... you should be very cautious. It would not surprise me one bit if they actually no longer had access to the assets that they claim they control. Good luck to everyone who still needs to get their bitcoins out of Mt. Gox.

In other words, you suspect that Mt. Gox operates like a regular bank?

Something is very strange with this exchange. If someone is holding your money and they tell you that they can only release a fraction of it at a time (or none at all, as is the case right now)... you should be very cautious. It would not surprise me one bit if they actually no longer had access to the assets that they claim they control. Good luck to everyone who still needs to get their bitcoins out of Mt. Gox.

In other words, you suspect that Mt. Gox operates like a regular bank?

A fractional reserve foreign currency exchange... what could go wrong?

What makes you so sure Mt. Gox is a fractional reserve? I don't see them doing any lending, or otherwise relinquishing control of the BTC in their custody in any way. So far as I can tell, every customer expecting to withdraw the BTC they have deposited at Mt. Gox will get all of them, as soon as the software issues are resolved. Even if every single customer asks to withdraw every single Bitcoin. Perhaps I'm wrong about some or all of this, but if so I would truly like to know what and how.

What makes you so sure Mt. Gox is a fractional reserve? I don't see them doing any lending, or otherwise relinquishing control of the BTC in their custody in any way. So far as I can tell, every customer expecting to withdraw the BTC they have deposited at Mt. Gox will get all of them, as soon as the software issues are resolved. Even if every single customer asks to withdraw every single Bitcoin. Perhaps I'm wrong about some or all of this, but if so I would truly like to know what and how.

Sorry for the confusion, that was an attempt at sarcasm.

They aren't fractional reserve, but if they've lost a ton of bitcoin it could amount to the same thing. That's just speculation though, we don't know right now how much they've actually lost. If there are losses, I hope they're small for the sake of their users.

For a product which professes to be a revolution in payments, it's only really proven useful as a vehicle for speculation.

Bitcoin is the perfect vehicle for market manipulation. The system is completely opaque such that reported trading volume and prices have to be taken on faith. For some, technology is the new religion and skepticism is heresy. Affinity fraud has found a new and vulnerable subgroup.

Sorry, but this is complete bullshit. Have you read anything about bitcoin besides this article? If you had, then you'd already know that the system is NOT "opaque," but completely transparent. Anyone can audit the blockchain; all transactions are public and completely visible. There isn't anything at all "opaque" about the bitcoin protocol. You sound like you need some help. Here, let me just google the term "open source" for you...